Embedding Security Monitors in Software Components

Abstract

Software can be made more secure by stipulating and integrating security specifications in the development process. However, guaranteeing the correct implementation of these specifications is a daunting task. In spite of security testing, vulnerabilities can still be present in the deployed software. Especially, the development practice is in favor of reusing off-the-shelf components in component-based software development. Therefore, a component with security vulnerabilities can affect the security of the entire software system. Hence, the behavior of the deployed software should be monitored and checked against its security specifications to identify vulnerabilities introduced due to incorrect implementations. In this thesis, we first present a secure software development process that links the development phases to the monitoring phase. As part of this process, we identify the activities necessary to develop a software component with an embedded specification-based security monitor. The security specifications are stipulated using UML state machines to bring the software and security engineering domains closer. These state machines are then used to develop the embedded specification-based security monitor, thereby enabling self-monitoring. Moreover, we describe how UML state machines can be employed to represent attack scenarios for a specification-based intrusion detection system. We elaborate upon the design and operation of the embedded monitor within the software component. Finally, we suggest using a hybrid of event and time monitoring techniques to observe different constraints imposed by security specifications. We evaluate our proposed methodology by developing an authentication component and enhancing selected components Filezilla and the Concurrent Versioning System (CVS). The authentication and CVS components are evaluated for the impact on design complexity and performance of the target software systems due to the embedded monitor. The viability of the proposed hybrid monitoring technique is assessed by comparing its effectiveness and performance with event and time monitoring techniques. The hybrid monitoring technique is more effective and efficient when compared with event or time monitoring techniques separately.